1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Network Weathermap Editor CVE-2013-2618

Web Attack: Network Weathermap Editor CVE-2013-2618

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an arbitrary code execution vulnerability in the Network Weathermap Editor.

Additional Information

Network Weathermap is a network visualization tool.

Network Weathermap is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input submitted to the 'title field of the 'editor.php' script.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Affected

  • Network Weathermap 0.97a is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube